Thoughts on business ethics, corporate governance, risk management and compliance

Main menu

Tag Archives: Financial Crime

Post navigation

The gross turnover of top 100 multinationals is higher than the gross domestic product of a few countries. As it was obvious from the financial crises, organizations employing a few hundred thousand employees can rock the global financial stability. From then on, a lot of discussion is occurring around systemic risks. However, I wonder about the actual momentum in addressing systemic risks.

As per my understanding, an inaccurate perception has formed that governments have the major responsibility to address systemic risks and not the organizations. The picture below depicts the increasing level of risks for human civilization or society as a whole and the increasing level of risks within an organization. Though we do not see linear relationships, they are interconnected. While an organization is a subset of the civilization, their large sizes have also made it a significant component of creating systemic risks.

Another fallacy is that organization’s need to track systemic risks at the global level alone. From the financial crises, it was obvious that the Retail Housing Loan departments of US Banks shook the real estate industry. Various CDOs of banks investment divisions were the cause of collapse of major banks. Hence, something as small as the functioning of a department, process or product can destabilize the industry and economy when incorrect practices are followed in multiple organizations.

Moreover, senior management of organizations that have implemented Enterprise Risk Management (ERM) believe that systemic risks are automatically addressed. None of the ERMs is going beyond strategic risks. The focus is mostly on operational and tactical risk coverage. Unless the risk management department has taken concrete measures to identify systemic risks, in all probability they are unmitigated.

Lastly, for most of the systemic risks, the organization by itself can only partly mitigate the risks. Except for taking insurance, they cannot develop and implement full-fledged solutions to treat the risks. Though the impact of systemic risks is huge, the lack of understanding, information and solutions, make organizations negligent about identifying and addressing these risks. Hence, the question is – what should organizations do to manage systemic risks?

1. Global Systemic Risk Monitoring Group

Within the risk management department there should be dedicated resources tracking systemic risks from process to country level and reporting to the global group. In the interconnected world, the risks in one country impact other countries. For instance, consider the attack on Malaysian airplane by rebels in Ukraine. A geo-political risk of one country has brought an organization of another country down. Hence, now the risks have to be viewed from a global perspective. To do this organizations must incorporate the group within the organization structure, deploy funds and resources, use technology to connect and track risks at a global level.

2. Connecting With National Risk Boards

The 2014 World Bank Risk Report suggests formation of National Risk Boards (Same name, could they have got inspired by this blog :)). This will be a huge plus, since risk identification and mitigation will be done at a national level. For instance, if a large country like India were connected at district, state, and national level through risk boards, the level of risk management would improve significantly.

Moreover, this will facilitate in addressing inter-state risks and cross border risks. For example, cyber security threats mitigation requires coordination within the country and significant amount of international collaboration. The national risk boards of countries become the focal point for international cooperation and collaboration for risk mitigation. Developing relationships with the board members and participating in the initiatives will help organizations in dealing with systemic risks.

3. Connecting With Industry Risk Boards

The systemic risk group needs to connect with the industry risk boards and regulators to capture the industry level risks. For instance, Back of England conducts a half-yearly survey to determine systemic risks in UK financial sector and the confidence of the organizations in dealing with it.

If organizations facilitate in formation and management of industry risk boards, they can cooperate with the competitors to mitigate industry level risks. Relationships with international industry boards would be a huge plus in acquiring knowledge and formulating plans.

4. Assessing Preparation at National Level

The World Bank report states that investment in risk mitigation and prevention is low, and most of the expenditure is done during and after a disaster to recover and continue operations. Therefore, the challenge is that risk identification may not result in developing and implementing risk mitigation plans. For example, various cities in India regularly suffer from floods during monsoons. ALthough the government knows the problem and solutions, it has not done much to resolve the issue. There are ongoing battles between city, state, and national level for risk prioritization.

That is, the same risk may have different impact and loss level due to national level preparation. Organizations need to assess the level of preparation of government and local communities to determine the impact and develop risk mitigation plans accordingly.

5. Assessing Impact at Social Level

Previously, organizations were insulated from the society to some extent. The social networks have changed the scenario, and any incident can become an explosive issue. Hence, impact has to be calculated at social level rather than at an incident level. For instance, recently a six-year-old girl in Bangalore was gang-raped in school by her teachers. Last weekend, parents in Bangalore organized marches to demonstrate their anger against the schools lackadaisical attitude towards children security. Police has lodged complaints against the school and politicians are talking about closing the school.

Presently, rape, women, and child security are sensitive topics in India. India is fourth unsafe country in the world for women. Hence, a single incident can close down an organization. Therefore, risk managers need to identify sensitive issues related to systemic risks and extrapolate the impact at city, state, country, and global level to determine impact of various risks.

Closing Thoughts

Systemic risks impact is sometimes more than losses of earthquakes, tsunamis and nuclear disasters, hence they cannot be ignored. Higher level of focus is required within organizations, industry, community, and nations to build processes, institutions, and infrastructure to identify and mitigate systemic risks. Timely investment in this area can save billions of dollars. Hence, risk managers need to put their thinking caps on, develop concept notes, and influence senior managers to deploy funds in managing systemic risks.

The Javelin Strategy & Research Identity Theft Report 2013 states that 5.16% of US customers suffered from identity theft amounting to US$20.9 billion. Moreover, Tablet users had the highest probability of fraud at 9.6%. Victims of data breach had a 22.5% likelihood to becoming fraud victims. Hence, it is clear that while organizations are deploying more processes, technology and resources to prevent fraud, the fraudsters are having a ball. One thing fraudsters do, is to think outside the box. So we have to take a leaf out of their book and be innovative in our approach to prevent and detect fraud. Below are some ideas on the same. Share with me your thoughts on what you think about them.

1) Voice Print Analysis

Presently, in most of the banks, a call center agent asks a set of questions to verify the identity of customer for telephone banking. Internal employees, external fraudsters and organized crime groups can easily steal information about date of birth, place of birth, address, secret questions, and card number.

Now voice-printing software is available for authentication of voice. The system automatically verifies the caller voice with the customer’s sample voice to identify fraudulent callers and protect the account.

Secondly, maintain voice records of earlier fraudsters. When system detects a fraudulent caller, it automatically checks against the previous fraudulent call records. Hence, the system will flag if a fraudster has previously conducted a telephone banking fraud. With this, it will be easy to nab the fraudster, if the police had caught him/her in a previous case.

A new voice identity technology is available that captures the tone of the voice and the type of communication. The software can monitor quality of calls and customer satisfaction from call center agents’ conversations with customers. This will cut manual quality control checks significantly and result in savings in quality control department costs.

2) Track through Photographs and Location Mapping

Besides having voice-printing software, use a system similar to WhatsApp to identify of customers. WhatsApp sends text messages, images, video recordings, audio recordings, and the location. If banks invest in a similar application and allow customers to download the application on their mobile phones and tablets, the number of telephone and internet frauds will reduce.

If a fraudulent caller is flagged, then the call center agent can request the customer to send a selfie or video. If it is the wrong person, usually the caller will cut the conversation and drop the attempt to commit a fraud.

If the caller is able to circumvent this control, the application will also track the location. Applications track the frequent places a customer visits or calls from. If the caller is from an unusual place, then s/he can be tracked immediately. For example, if a British customer is tracked to a place in India, the call centre agent can ask the caller to verify their location.

3. Track Spending Behavior

Sometimes high value fraudulent payments are processed resulting in huge losses. A study done by Vivek K. Singh*, Laura Freeman*, Bruno Lepri, Alex (Sandy) Pentland for “Classifying Spending Behaviour using Socio-Mobile Data” determined the spending behavior of customers from the social interaction patterns on mobile phones. For example, it showed that more social couple and couples with diverse business interests tend to spend more.

Using big data, insights on spending behavior of customers can be analysed based on personality traits. Tracking social patterns and payment patterns can flag out anomalies when the payment is not in line with the spending pattern. Moreover, a location map can identify the location of beneficiaries of previous payments . Hence, fraudulent payments can be identified at the time of processing itself.

Another advantage from this technology can be for processing retail loan applications. If prospective customers are willing to give the data of mobile phone transactions, then at the time of processing the application itself, the bank can identify which customers are likely to overspend and default in future. The bank can ask for additional securities and guarantees.

Moreover, if the application is installed in the loan customer’s mobile after loan disbursement, the moment s/he is about to overspend which might result in default of EMI, the bank can send the customer an alert to pay the EMI first.

4. Fraud Risk Conversations

According to psychological studies on emotional intelligence, Negative Emotional Attractor’s activate defense systems and build resistance to change. On the other hand, Positive Emotional Attractors (PEA) activates parasympathetic nervous system and makes a person more conducive to listen and change behavior. An effective team has a 3:1 ratio of PEA:NEA. Another study shows that improving peer-to-peer conversation increases productivity of the team by 30 to 40%.

However, risk management reports are mainly critical hence activate NEA. Moreover, the communication, training material, and code of conduct are all geared towards creating fear and guilt. Hence, it is not surprising that attempts to educate business teams on fraud risks fail.

Fraud risk managers can build a positive interaction model using technology platform. A study conducted by Erez Shmueli_, Vivek Kumar Singh_, Bruno Lepri and Alex ”Sandy” Pentland on “Sensing, Understanding, and Shaping Social Behavior” enables tracking of human behavior through big data analytics. The analytic helps in understanding the behavior, the tone of the conversation and the trust relationships between people.

Using this technology, an organization can use a social networking platform to communicate fraud risks through blogs, videos, and stories. The write-ups and stories should be from the business teams. From the comments section, the application can identify the key influencers and trust holders to bring about change. Thus, change the conversation to change the behavior.

Closing Thoughts

The days of holding a gun to rob a bank are nearly over. Fraudsters use social engineering to obtain sensitive information to conduct account takeover frauds remotely. Hence, organizations need to use socio-physics, social networks, and technology to beat the fraudsters in their own game. Being a leader in adopting the latest technology to prevent and detect frauds has an additional advantage, the fraudsters have not discovered the antidote to it. Hence, fraud risk managers have the right weapons to fight. The right tools can make a hell of a difference.

Cohen and Folsen’s Routine Activity Theory of Crime, appeals to me at an intellectual level to understand the increasing rate of crime in Indian society. However, it contradicts my personal philosophy about human beings. The theory presumes that every human being basically has a criminal tendency and is capable of crime. I believe that human beings are inherently good and each human being irrespective of the crimes they have committed is capable of good deeds. Hence, I will try to discuss the theory without bias and balance the two opposing views. If I sound partial towards my philosophy, then forgive me from the goodness of your heart.

1. Introduction

The theory was based on analysis of US crime data of 1947-1974. During this period the average income of families increased, number of people below poverty line decreased, education levels improved, and unemployment levels decreased. However, the rate of violent crime in urban areas increased – rape (174%), assault (164%), robbery (263%) and homicide (188%).

The Indian urban society is showing similar trends since liberalization in 1990s. While growth, income, economy, facilities, education etc. has significantly improved in urban areas, the rate of crime has increased exponentially. Before, in 1960s and 1970s, others would ostracize a middle class person if he were publicly involved in criminal activity. Now, nearly every second person is involved in a corrupt and unethical activity openly. Though we blame it on deteriorating social values, this theory helps us understand why we compromise the values and participate in a crime.

2. Concept

The theory states that “structural changes in routine activity patterns can influence crime rates by affecting the convergence in space and time of three minimal elements of direct contact predatory violations: (1) motivated offenders, (2) suitable targets, and (3) the absence of capable guardians against a violation”. Lack of any one of these reduces crime. However, the level of control exercised by the guardians has a direct impact on crime. Even if motivated offenders and suitable targets remain the same, if control reduces, crime increases. The theory states that income of the offender does not have any impact on his desire to commit crime and contradicts the popular notion that people with less income have a higher propensity to commit crime.

Now this can be understood in Indian context. The number of people living away from their traditional homeland has increased as more people are living in nuclear families or as singles in different cities. The change in social behavior has changed the routine activity of people as social controls of family and community have decreased. These aspects reduce the worry of motivated offenders on how their community will judge them if they participate in unethical behavior. Secondly, the same aspect makes suitable targets more vulnerable to crime as protective layers have reduced. Hence, due to this changing social structure, motivated offenders and suitable targets have both increased. With it, the corruption in law enforcement agencies has reduced control. The sum total of it all has increased the crime rates in Indian urban areas.

3. Effect

Then the theory states that motivated offenders cooperate to strengthen their efficiency in criminal activities. On the other hand, the potential victims join hands to gain collective strength to protect themselves from the attack. The challenge becomes bigger for potential victims when high-net worth individuals undertake criminal activities. The potential victims risk of victimization increases.

From the Indian context, the driver for change in social values has been the thirst for money and power. The higher level of ambition for being powerful and materialistically successful has motivated people to break the traditional social norms and move towards corruption and crime. Previously, the lack of a good criminal justice system was compensated by strict controls from family and community. Now all the three guardians have decreased control and the value of rewards gained from criminal activity is high. The other factor to consider is that voluntary help groups and social support groups are less in India; hence, the potential victims do not get the desired protection. As Cohen said – “it is ironic that the very factors which increase an opportunity to enjoy the benefits of life may also increase the opportunities for predatory violations”. Crime has become the by-product of freedom and prosperity as it has enmeshed itself in routine activities of daily life in Indian urban society.

Closing Thoughts

My personal belief is that for every action, especially criminal or unethical activity, a person needs to ask whether they need to involve themselves in it. When one accepts rewards for the wrong reasons, one cannot avoid punishment for the wrong reasons also. Hence, why go for the wrong rewards in the first place; and if one has received them, why not return them? When one is in a financially strong position and survival does not depend on income from criminal activity, why not refuse to undertake that activity. No one can involve another in a criminal activity if the participants do not wish for any monetary benefits. Hence, to enjoy the benefits of life, say no to crime and unethical activities.

Power, we all want it. If we don’t have it, we associate with the powerful in the hope some of it rubs down to us. Being in the upper echelons of corporate world or the political corridors of the country’s parliamentary houses ensures that you are exempt from the rules applicable to the common person.

However, the way a person gets power and uses it reflects the person’s character, and its influence on others. In the corporate world, the power styles used by senior managers directly influence the risk levels of the organization. Unsurprisingly, power and politics are undiscussable topics in the corporate world; hence, when risk managers do risk assessments, they ignore the two.

I personally recommend risk managers to understand the individual power styles of the senior managers and overall organization power style. To appreciate the connection between power and risk, let us first look at the power styles and their impact on the organization.

Depending on the situation, a leader needs to use various power styles. However, if a leader uses coercive style even when it is not required, then something is wrong. Leaders frequently use power styles of reward and punishment for fulfilling illegitimate requirements. Hence, the probability of followers being involved in unethical activities requiring compromise of personal values is higher. On the other hand, the expert style ensures that followers make informed judgments as the leader attempts to enhance their ethical values and knowledge level. The reward is not in the form of a bribe and is implicit; the leader is dedicated to improving the organization.

Another aspect that requires understanding is the need for creating perception of power. When a leader is undertaking illegitimate activities (watch any Hindi movie to see the underworld Don) he needs to create a strong perception of power by using threat and punishment. Else, his coercive tactics will be ineffective, as people will not cooperate. Therefore, he makes some sacrificial goats to demonstrate that he is above the law and normal rules don’t apply to him. Another tactic is to break the social norms, and not behave rationally and predictably. Both these methods focus on creating fear to ensure compliance. Without the perception of power and fear, the leader becomes vulnerable to revolt from the common person. The only way for him to retain his power is by increasing the number of sacrificial goats, threats, and punishments.

1. Impact on Legal and Reputation Risks

A coercive leader is usually riding a tiger. The organization risks continue multiplying as more and more people become aware of the unethical practices. An elastic can be stretched up to a limit. Eventually, the concocted environment cocoon will burst and all hell will break loose. The leader cannot trust anyone after a point. Hence, his fear increases in direct proportion to his vulnerability. The leader takes more and more risks to protect his personal fiefdom. The organizations reputation risks and legal risks increase proportionately.

2. Impact on Human Resource Risks

Overtime, the leader’s charisma wears off. As the layers peel off, disillusion sets in. Employees realize that the leader doesn’t behave with integrity and honesty. Even the loyalists recognize that whenever it suits the leader’s personal agenda, they can face the bullet without any fault of their own. This creates disquiet among employees, and employee disengagement increases. The human resource risks increase manifold with disengaged employees.

3. Impact on Operational and Financial Risks

The disengagement starts effecting productivity and performance as everyone grasps that meritocracy has no links with rewards. This in turn impacts the bottom line as leader fails to deliver on targets. Failure to show profitability and results makes the leader’s position precarious. The leader starts feeling pressure from the top. As he is unable to improve productivity, he attempts to manipulate results and financial statements. In nutshell, leader’s power style influences operational risks and financial risks of the organization.

Closing Thoughts

No one can deny that success in life depends quite significantly on a person’s power and influence. The general opinion is that means to the end do not matter when we strive for power. On the contrary, how we get power and maintain power, is crucial for longevity in the powerful position. For a coercive leader, the end is tragic, as the hunter becomes the hunted. Moreover, if a leader gets power by paying bribes or giving rewards, his power ends when he stops doing so. His loyalists disappear with speed. Abusing power is no longer safe in the present world, as it increases the personal risks of the leader and the organization risks. Therefore, risk managers need to ensure for continued prosperity of the organization, that leaders get power by the rights means and use it for the right purposes.

Gandhi ji, in his book “History of Satyagraha in South Africa” narrates the coinage of the term Satyagraha and the journey of the movement. It is an amazing story of sacrifice, determination, and moral courage. Hence, I wondered whether we can use the concept to fight corruption in this century.

The irony is that Gandhi ji started the Satygraha movement in South Africa because Europeans passed unfavourable laws for Indians. They were scared of Indian traders and professionals taking a huge slice of the business, hence passed laws to restrict their liberty to live and trade freely. Greed was at the crux of it since there were plenty of natural resources in South Africa for Europeans, Blacks, and Indians. Now India is being destroyed by the greed of its leaders and public.

Gandhi ji’s story stands in stark contrast to the Anna Hazare led fight against corruption. Hazare’s was packaged as Gandhian inspired struggle but as results showed it was far from it. Hazare took the stance of my way and high way on the Lokpal Bill, whereas Gandhi ji believed in negotiation. Moreover, Hazare’s was a publicity driven exercise of a few fasts and he quickly distanced himself from it when he faced failure. Another aspect was that though thousands turned up in support at the initial stage, no one made use of that energy constructively and directed people to do something more than shout slogans on the streets. Hence, the euphoria disappeared after a short while, as the educated middle class needed an action plan to maintain their commitment.

It brings back to our understanding of Satyagraha. We generally confuse it with “passive resistance” and it was the same situation when Gandhi ji developed the concept a century back. Below are few points from the book:

1) Satyagraha

Gandhi ji considered Satyagraha as a soul-force. The Satyagrahies never used physical force even when they had the capability for it. In Gandhi ji’s word – “Satyagraha is soul-force pure and simple, and whenever and to whatever extent there is room for the use of arms or physical force or brute force, there and to that extent is there so much less possibility for soul-force. These are purely antagonistic forces in my view, and I had full realization of this antagonism even at the time of the advent of Satyagraha”

2) Passive resistance

The term “passive resistance” originated in Europe as a weapon of the weak. It was generally used when other options of fighting were not available. It was a method used by people without voting rights, or lacking public support. The people were not averse to using arms for attaining their goals. But they did not go for it because they didn’t think they would succeed with it. Hence, passive resistance was more of a strategic manoeuvre than commitment to non-violence.

3) Difference between the two

Gandhi ji described the fundamental difference in the concepts in the following paragraphs –

“The power of suggestion is such that a man at last becomes what he believes himself to be. If we continue to believe ourselves and let others believe that we are weak and therefore offer passive resistance, our resistance will never make us strong, and at the earliest opportunity we will give up passive resistance as a weapon of the weak.

On the other hand if we are satyagrahis and offer satyagraha believing ourselves to be strong, two clear consequences result from it. Fostering the idea of strength, we grow stronger and stronger every day. With the increase in our strength, our satyagraha too becomes more effective and we would never be casting about for an opportunity to give it up.

Again, there is no scope for love in passive resistance; on the other hand, not only has hatred no place in satyagraha, but it is a positive breach of its ruling principle. While in passive resistance there is a scope for the use of arms when a suitable occasion arrives, in satyagraha physical force is forbidden even in the most favourable circumstances. Passive resistance is often looked upon as a preparation for the use of force while satyagraha can never be utilized as such. Passive resistance may be offered side by side with the use of arms. Satyagraha and brute force, being each a negation of the other, can never go together.

Satyagraha may be offered to one’s nearest and dearest; passive resistance can never be offered to them unless of course they have ceased to be dear and become an object of hatred to us.

In passive resistance there is always present an idea of harassing the other party and there is a simultaneous readiness to undergo any hardships entailed upon us by such activity; while in satyagraha there is not the remotest idea of injuring the opponent. Satyagraha postulates the conquest of the adversary by suffering in one’s own person.”

4) Freedom From Corruption

Considering the above definition of Satyagraha and the differences highlighted by Gandhi ji, I haven’t seen very many noteworthy cases of mass movement of Satyagraha. Hazare’s movement just entailed short-term sacrifice and not a long-term struggle. When the public disappeared so did he.

The Satyagrahies courted prison and lived a simple life to fight for their cause. Hence, the question is that do we lack commitment and determination for long-term struggle to root out wrong habits. Is it possible and realistic to expect people to make these sacrifices in the present age of instant gratification. Can we expect Indian public to take a vow not to take or give bribes and kickbacks? Will it be expecting too much from the citizens to sacrifice a few luxuries. Will the public stay committed to the cause or leave it when it gets bored, to participate in the next novel thing.

We need to seriously think of eradicating corruption on this Independence Day. India has come a long way in one century but the corruption is eroding its sheen and destroying the country from within. We must not forget the sacrifices a whole generation of Indians made to ensure that the next generations live with freedom. Let us pledge to keep our souls free of greed.

Presently, the Serious Fraud Investigation Office of India lacks sufficient powers to initiate investigations and prosecute. The Central Bureau of Intelligence isn’t independent due to which politicians escape prosecution for corruption and money laundering. Indian police force Economic Crime wing doesn’t have expertise in dealing with electronic and financial frauds. The legal system is pathetic and takes a long time to prosecute white-collar criminals. India has a shortfall of trained fraud investigators as it hardly has any courses for students in this line.

All these aspects may make you think that Indians are new to the concept of fraud risk management. This is far from the truth. Kautilya addressed financial fraud risks in 4th century BC and most of the concepts are still used presently. Let me narrate you some of the concepts he formulated in earlier times.

1. Formation of a Central Investigation Agency

Kautilya proposed a central investigation agency for a kingdom to do espionage work. A network of spies located in different parts of the kingdom reported information to their handlers. The handlers in turn checked the authenticity of the information from three sources and if correct reported to the agency. The spies did not have direct contact with the agency to conceal true identities..

Spy selection depended on character and social position. Spies were recruited from all sections of society. Spies were positioned in all the departments and commercial ventures of the king to ensure that the head of the departments do not abuse their power or cheat the king. Women were considered particularly useful to penetrate wealthy households to get the inside story. In current India, there is a scarcity of female fraud investigators as it now considered a masculine job. However, in ancient India, women investigators and spies were quite common.

2. Types of Financial Frauds

Kautilya identified 40 ways of embezzlement. Some of them are mentioned below:

Overpricing and under-pricing of goods

Incorrect recording of quantity of raw material and other stocks

Misappropriation of funds

Teaming and lading

Misrepresentation of sources of income

Incorrect recording of debtors and creditors

Incorrect valuing and distribution of gifts

Inconsistency in donations and distributions for charity

Misappropriating goods during barter exchange

Manipulating weights and tools for measurement

Misrepresentation of test marks or the standard of fineness (of gold and silver)

It is interesting to note that Kautilya mentioned most of the frauds that occur in accounting and preparation of financial statements. It shows human psychology has remained the same. However, in India the value system has deteriorated that has resulted in increased fraud and corruption. In olden times, the value of honour was held high. For example, the prime thought in Hindi was – “prann jiye pur vachan na jiye.” (meaning – it is better to lose one’s life rather than go back on a verbal promise given)

3. Mechanism for Investigation and Punishment

The investigation process was quite similar to the current process followed. Information was initially gathered regarding the fraud from informants, spies, whistle blowers and audits. Background information of the suspects was gathered by sending spies to their residence and business premises.

Subsequently, the people involved, the suspects and witnesses were interrogated. Kautilya suggested separately examining ” the treasurer (nidháyaka), the prescriber (nibandhaka), the receiver (pratigráhaka), the payer (dáyaka), the person who caused the payment (dápaka), the ministerial servants of the officer (mantri-vaiyávrityakara)” for financial frauds. If any person lied, s/he received the same punishment as the main culprit.

Another fascinating aspect is that India doesn’t not have any law similar to the whistle blower provisions of Dodd Frank Act. However, Kautilya proposed – “Any informant (súchaka) who supplies information about embezzlement just under perpetration shall, if he succeeds in proving it, get as reward one-sixth of the amount in question; if he happens to be a government servant (bhritaka), he shall get for the same act one-twelfth of the amount.”

The punishment for fraud depended on the nature and value of fraud. It ranged from nominal fines to death penalty. The victim was compensated for the losses suffered.

Closing Thoughts

The processes proposed by Kautilya for fraud detection were followed even until the Moghul rule. However, these were dismantled during the time of British Rule as the Indian Penal Code was formulated. The difference between Mogul rule was that Moguls settled in India, marriages took place between Indian royalty and Mogul rulers and the culture got integrated over time.

The British came to rule for economic purposes. They wished to take advantage of India’s natural resources and vibrant economy. They levied their own rules and did not integrate them with the Indian culture. Hence, over time the Indian value system was lost or kept for namesake only. Overtime, as even after independence the British education system was used, a split ethical value system developed between personal values and business ethics. Therefore, corruption increased in the business environment till it became all-pervasive in the society. It is going to take a lot of effort to change the system now. No short-term solutions will work.

Professionals want to know the origin of their profession, the work done in olden times and the level of knowledge. I thought of sharing with you the history of Indian accounting and auditing profession. I discovered in Kautilya’s Arthshastra that it existed in ancient India in 4th century BC. Therefore, my guess is that it would have originated at least a few centuries earlier. The accounting principles and standards used in the present century are similar to those that existed in the 4th century BC. This nugget of information may have surprised you.

Broadly, Kautilya’s Arthshastra covers accounting principles and standards, role and responsibilities of accountants and auditors, the methodology of accounting, auditing and fraud risk management, and the role of ethics in managing financial activities. Let me share some of the concepts with you in the next couple of posts.

1. Maintenance of Accounts

The accounting financial year was fixed to July-June period and with a full process for closure of accounts and audit of the same. It covered the method of consolidating the accounts from various departments of the government to assess the net income and loss. The accountants were required to furnish the completed annual accounts to the head office mid-July. Delay and/or failure to do so attracted financial penalties.

2. Classification of Receipts

Kautilya states that “receipts may be (1) current, (2) last balance, and (3) accidental (anyajátah= received from external source).” In it, he differentiates between cash receipts and debtors, current and accrued income, income from other sources, windfall gains, and recovery of bad debts. He recognized the concept of risk and suggested different rate of interests for loans. Foreign trade loan attracted the highest interest, as the returns were uncertain.

3. Classification of Expenditure

Expenditure classification was similar to receipts classification and included the differentiation between capital expenditure and revenue expenses. Kautilya described it as – “Expenditure is of two kinds—daily expenditure and profitable expenditure.” The difference between income and expenditure was termed as “net balance”. He insisted on making long-term investments in construction and other works as these would generate profits over a period. It also entailed keeping track of work in progress.

4. Role and responsibility of accountants

A hierarchical organization structure of senior to junior accountants existed within the king’s treasury function. The accountants maintained books of accounts on an annual basis according to prescribed standards. The same were furnished for audit at year-end. Kautilya suggested good salaries to accountants and auditors as high income would keep them ethical. Accountants would be more prone to commit fraud if they earned very little.

5. Segregation of Roles of Treasury and Auditor

The fascinating part of Kautilya’s approach was that he recognized conflict of interest between finance and auditing functions. He categorically stated that the head of finance and head of audit should independently and separately report to the king. He recognized the possibility of collision between the two. In India, in the government the Comptroller General of Audit and Ministry of Finance are two separate functions. However, in the corporate world still in quite a few companies chief audit executive are reporting to chief financial officer rather than the chief executive officer.

6. Building an Ethical Culture

Kautilya believed character reflected personal values of individual and ethical values learning must commence from childhood. Even as an adult ethical conduct was as important as professional skills. He proposed measures to build ethical climate in the kingdom. However, he was practical and recognized the potential of corruption. In accounting, he talked about misstating financial statements due to abuse of power and fraudulent reporting. He devised a system of reward and punishment to ensure compliance to rules and regulations.

7. Verification and Auditing of Accounts

The concept of continuous monitoring, periodical auditing, verification and vouching existed in ancient times. Checks were done daily and periodically (five nights, pakshás, months, four-months, and the year). The attributes used in the present day for verifying income and payment vouchers were also used in earlier times. Interestingly, each department had spies to provide information and report wrongdoing to the seniors. There was a full process for discovering fraudulent transactions and punishing accountants for misstating financial statements. I shall cover that in the next post.

Closing Thoughts

Kautilya prescribed the accounting theory that included bookkeeping, preparation of financial statements, auditing and fraud risk management. He considered accounting as an integral part of economics. Various kingdoms in India used his work until the 15th century AD i.e. before the colonial rule. I am not aware whether similar level of knowledge existed in other parts of the world before the Christian era. If you do have information, please share it with me. It will be an enthralling journey into the past.

Barclays is again in the limelight due to a damaging report on the deviant culture existing in the Investment division. After LIBOR rate fixing scandal and quick departures of senior managers, trouble is again brewing in Barclays. The COO of Investment banking division, Andrew Tinney quit when it was discovered that he shredded the only copy of a report that clearly stated the bullying culture of the organization. Then the new CEO, Anthony Jenkins discovered when an internal whistle blower mentioned it to him. He sent out a message to staff on culture change. Here are some insights into the story.

1. The Damaging Report on Dysfunctional Culture

Daily Mail story states that the report prepared by Genesis Ventures - “paints a devastating picture of incompetence and arrogance at the bank, showing that executives:

Pursued a ‘revenue at all costs’ strategy.

Fostered a culture of fear and intimidation.

Were ‘actively hostile’ to the idea of compliance with banking rules.

Presided over a ‘broken culture’ where problems were ignored or buried.

Allowed the business to spin ‘out of control.”

The senior management intentionally understaffed support functions, was hostile to compliance and attacked those who spoke contrary to senior management views. A senior manager threw the risk management report publically saying – “this is a piece of s***” showing utter contempt and disregard for the same.

The summarization of the report states – ‘The senior team portray themselves as all-powerful and all-knowing… and people chose to disagree with them at their own peril. It is a mentality of superiority which, when combined with other deficiencies, stops the team from tackling their blind spots. When those deficiencies are in compliance, this results in serious issues that no one else has the power to address.’

The bank’s culture has become completely deviant, and it will be a long road ahead for significant change to occur. The problem is that this issue is prevailing in other banks also. They depict the same culture and attitude. Unless we understand why it is occurring and senior managers take sincere steps, nothing positive will happen.

2. The Psychological Explanation

Western banks are known for their arrogant and aggressive culture. Some view arrogance as a positive trait and humility as a negative trait, while the opposite is true. Stanley Silverman developed Workplace Arrogance Scale to measure arrogance level in the organizations. He stated the arrogant people demean others to prove superiority and competence. However, as per his results arrogant people showed lower intelligence and self-esteem in comparison to their peers. He identified four red flags to identify arrogant behaviour:

Does the boss discredit others’ ideas during meetings and often make them look bad?

Does your boss reject constructive feedback?

Does the boss exaggerate his/her superiority and make others feel inferior?

If you link back to the damaging report, the senior management at Barclays showed these traits in abundance. Even during the financial crises, the bankers didn’t feel apologetic and showed no humility. Now, being in such senior positions one cannot say they lack intelligence, however, questioning their self-esteem is definitely a valid path.

In another psychological study conducted by Angela Y. Lee, a professor of marketing at the Kellogg School of Management, it was determined that people with low self-esteem defend the brands more when their favourite brands are attacked. This explains why bankers refused to change and continued their behaviour when under attack during the financial crises.

3. The CEO Message for Culture Change

Deal Book reported that Anthony Jenkins, the CEO of Barclays sent a mail out to the staff with a clear message – “change or leave”. He categorically stated the values – Respect, Integrity, Service, Excellence and Stewardship – to be adopted by Barclays employees. He further added that those who do not change their behavior are free to leave. His words were – “My message to those people is simple: Barclays is not the place for you. The rules have changed. You won’t feel comfortable at Barclays and, to be frank, we won’t feel comfortable with you as colleagues.”

He highlighted that in the last two decades financial institutions pursued profits and compromised integrity and reputation of the organization. He said there is no choice between values and profits. Employees must pursue profits while maintaining values. Evaluation of ethical behaviour will be incorporated in performance appraisal process.

That is a very strong message from the CEO of the organization to transform the culture of the organization. Two questions in everyone’s minds are – will they succeed and how long will it take.

Closing thoughts

Bill Gates had famously said – “The world won’t care about your self-esteem. The world will expect you to accomplish something BEFORE you feel good about yourself.” Maybe organizations should care about the self-esteem of their employees and their senior management team. Studies have shown that people with higher self-esteem show more ethical behaviour and are less likely to get involved in wrongful acts. The present trend of pursuing material gains at the expense of personal values destroys self-esteem in the long run. Bankers have shown extreme tendencies to flaunt expensive toys to feel good and build a superior image. In all probability, they are caught in a catch-22 situation at a psychological level. It might not be possible to change the culture without addressing the core issues faced by the staff.

For risk managers 2012 was an eventful year. The frequency of ethical breaches, regulatory failures, operational disasters and natural calamities ensured that risk managers have their hands full and are not going to run out of work in 2013. In effect, risk management function is at a strategic inflection point and is facing disruption risks. Globalization, rapidly changing technology, economic recession in Europe, political turmoil in Middle East, growth of emerging markets and global warming has changed the risk landscape. Throw out of the window the old stance of managing risks by implementing controls and focusing just on financial processes and operational risks. The 21st century demands risk managers to focus on strategic, cultural, leadership and human resource risks. This is a bold statement to make, so here are my reasons for making the same. Do you think I am on the right track?

1. Banking Sector Culture Needs Overhauling

Though I have not done a tally of regulatory fines paid by banks during the year, the numbers are awesome. It the status quo remains the same, paying billion dollar fines will soon become fashionable. The way bankers are behaving, if culture does not change, they will start a competition on who pays the biggest fine and gets away with it. It is clear that bankers gave a lot of lip service of changing to the public after the financial crises. Nothing much changed and they remained complacent with their ability to escape any personal loss due to reckless behaviour. Even with fines, it is investor loss with hardly any personal responsibility. 2013 will determine whether bankers can do the right thing for the right reasons in the right way.

2. No One is Too Big to Go to Jail

2012 showed that breaking the law isn’t an option for top guns. Big names, for instance, Rajat Gupta and Rebecca Brooks realized the arms of law are long enough to reach them. The psychology that it only is a crime if one gets caught needs to change. A connection even with the Prime Minister doesn’t insulate a person from being held legally accountable.

The downside of capitalism is that business ethics are put on a back burner in pursuit of profitability. 2013 will see the trend of businesses focusing on building ethical cultures.

3. Senior Management Fails At A Higher Rate

Throughout the year, one heard senior managers being fired for poor performance, regulatory breaches, criminal acts or inability to keep their pants zipped. Tragic but true, that senior managers are failing to walk the talk and assume leadership is about playing power games. They ignore everything in pursuit of a bigger pay packet. It isn’t that leaders didn’t fail previously, but now they make headlines at global level.

Additionally, social media and increasing percentage of women in the workforce has made old management and leadership styles redundant. Flatter organization structures are replacinghierarchical styles. Collaboration is in focus rather than competition. Boomers are leading most organizations, and their style of leadership is passé. Hence, in 2013 we are going to witness higher leadership failures unless organizations start managing leadership risks.

4. Regulators Take A Tougher Stance

Worldwide regulators have changed their stance. Be it Comptroller and Auditor General of India, Department of Justice of USA or Financial Services Authority of UK, regulators are beating the drums for better compliance. From asking the biggest names in banking to give explanations to holding government accountable for incorrect decisions, they are leaving nothing out of the ambit. They are leading the path for risk managers to follow. In 2013, we are going to see a spate of disclosures from regulators.

Closing Thoughts

Whether we see the banking failure reports, or other aspects of business, risk managers knew and understood the risks. However, they decided to play it safe and not bell the cat. Challenging and confronting business leaders at the expense of ruining ones career can be a tough decision. One avoids the decision, especially when, the lines of accountability state that final responsibility of managing risks lies with the business leaders. However, in the times ahead risk managers won’t have this luxury. They will have to stick their neck out to ensure organization stays legally compliant and manages risks optimally. I don’t know whether this makes risk managers happy. In my view, in 2013 we should take it up as a challenge and change the dynamics of the risk management function.

The previous post raised more questions than gave answers. In light of the on-going investigation, it is difficult to predict results. However, I looked at the recently released FCPA Resource Guide to the U.S. Foreign Corrupt Practices Act by the Criminal Division of the U.S. Department of Justice and the Enforcement Division of the U.S. Securities and Exchange Commission. It sets some clear guidelines and mentions earlier cases with similar issues. It is a good read for Indian managers working in multinationals dealing with FCPA compliance requirements. I am sharing below some insights about the implications of the case.

1. Liability of Indian Employees

As per reports, the CFO and the legal team were suspended during the course of the investigation. If the US Department of Justice decides to pursue a criminal case, these employees can be prosecuted.

Interestingly enough, the Indian managers consider their capability to bribe various government officials to get a job done as strength. One often hears them saying – “Oh, I have a contact; s/he will do the job for X amount of money. Don’t worry about the legal provisions, they can be circumvented.” Since one rarely hears any action being taken by regulators on the provisions of Prevention of Corruption Act of India, hardly anyone hesitates to take or accept a bribe.

However, Indian employees working in multinationals have to think twice about paying a bribe to get a job done. The FCPA guidelines are strict. It states – “The FCPA’s anti-bribery provisions can apply to conduct both inside and outside the United States. Issuers and domestic concerns—as well as their officers, directors, employees, agents, or stockholders—may be prosecuted for using the U.S. mails or any means or instrumentality of interstate commerce in furtherance of a corrupt payment to a foreign official.” Hence, even sending mails to US boss or colleague that involves a discussion of a bribe payment can make an Indian employee liable. Considering the provisions, the best policy for Indian employees is to keep their hands clean and follow the legal process diligently.

Another aspect to note is that a bribe does not need to be paid to hold an employee liable. The guidance note says – “Also, as long as the offer, promise, authorization, or payment is made corruptly, the actor need not know the identity of the recipient; the attempt is sufficient. Thus, an executive who authorizes others to pay “whoever you need to” in a foreign government to obtain a contract has violated the FCPA—even if no bribe is ultimately offered or paid.” Hence, Indian management and employees both can be prosecuted on this basis.

2. Challenges for Licenses

With the opening of the retail sector, multinationals need to obtain various licenses to operate in India. The challenge is getting the licenses according to their business strategy and plan.

For instance, IKEA recently obtained from Foreign Investment Promotion Board (FIPB) to invest euros 1.5 billion to open 25 stores in India. However, IKEA was granted permission to open single brand stores for furniture only. It was denied permission to sell textiles, office supplies, food and drinks.

Now the question is, under these circumstances what options will the foreign investor consider? Will they agree to sell products according to permission? The permissions maybe denied for the most profitable lines of products. It may not make sense to sell products with low margins. Hence, they will have the difficult choice of either not entering the Indian market or attempt to influence the government agencies to grant permissions for selling other products. If the second option is chosen, there is a high probability of bribes being paid. More so, since Indian government officials know what will hurt the business venture of the foreign company, they might use denial tactics to coerce the organization into paying bribes. Hence, it is a vicious circle.

A LinkedIn member gave a useful suggestion to curb bribes in the licensing process. Rangarajan Gopalan, Investigator US Department of Homeland Securities in New Delhi, suggested a single window concept for obtaining licenses in retail industry. If government implements the suggestion, the retail companies will not have to run around 32 different agencies to get licenses.

3. Partner Liabilities

In the event of the holding-subsidiary relationship or joint venture partnership, the Indian company can be charged jointly and/or separately.

The guidance note illustrated the implications with a previous case. For instance, “a four-company joint venture used two agents—a British lawyer and a Japanese trading company—to bribe Nigerian government officials in order to win a series of liquefied natural gas construction projects. Together, the four multi-national corporations and the Japanese trading company paid a combined $1.7 billion in civil and criminal sanctions for their decade-long bribery scheme. In addition, the subsidiary of one of the companies pleaded guilty and a number of individuals, including the British lawyer and the former CEO of one of the companies’ subsidiaries, received significant prison terms.”

Hence, if the US company is ignorant of the bribes being paid by Indian employees to conduct business, the Indian employees can face criminal charges and the Indian organization may have to pay hefty fines.

Closing Thoughts

The Indian organizations need to assess their FCPA compliance level and not take the issue lightly. The repercussions of ignoring the issue are huge. The legal and reputation risks can put the company to a great disadvantage. Moreover, the employees must follow the legal process rather than find ways to circumvent it.

Note For Readers

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, risk management advice, or other professional advice or services. Before making any decision or taking any action that may affect your business, you should consult a qualified risk manager. The author gives her permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at jaspal.sonia1@gmail.com